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WHAT IS CLAIMED IS: 



1 1 . A system for secure licensing of content to a user on a user network- 

2 enabled device, the system comprising: 

3 at least one server network device communicatively coupled to the user 

4 network-enabled device; 

5 wherein the at least one server network device is programmed to transfer 

6 selected content to the user network-enabled device; and 

7 a license generator, the license generator being programmed to generate a 



8 license associated with the selected content, the license comprising access information for 

9 controlling the user network-enabled device to produce a user-perceptible form of the 
l£p selected content when conditions defined by the access information are met and to inhibit 
H production of a user-perceptible form of the selected content when conditions defined by the 
ft access information are not met. 



Wl 2. The system recited in claim 1, wherein the at least one server 

* 2 network device is further programmed to receive at a first node on the network a request 

~j§ for content from the user network-enabled device at a second node on the network; 

]=3 wherein the transfer of selected content comprises transferring the requested 

13 content in response to the receipt of the request at the second node. 

1 3. The system recited in claim 1, wherein the content is encrypted. 

1 4. The system recited in claim 1, wherein the at least one server network 

2 device is further programmed to receive at the first node on the network a request for the 

3 license from the user network-enabled device at the second node on the network; and 

4 wherein the at least one server network device is further programmed to 

5 transfer the requested license to the user network-enabled device at the second node. 

1 5. The system recited in claim 1 , wherein the license is a data object. 

1 6. The system recited in claim 5, wherein the data object comprises a 

2 plurality of data fields, at least a portion of the plurality of data fields containing the access 

3 information. 
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1 7. The system recited in claim 1, wherein the access information 

2 comprises at least one of a content rental model, an expiration date of the license, user 

3 network-enabled device identification information, media player identification information, 

4 a GUID identifying particular content, and an encryption key for decrypting encrypted 

5 content. 

1 8. The system recited in claim 7, wherein the content rental model 

2 defines at least one of a specified period of time and a specified number of plays. 

1 9. The system recited in claim 7, wherein the content rental model 

2 defines an unlimited number of plays on any user network-enabled device. 

*jf 10. The system recited in claim 7, wherein the content rental model 

.~2 includes a watermark, the watermark allowing the user to rewind only a determined time 

r= 4 interval from the current position in the movie. 

J! 1 1 . The system recited in claim 1 , further comprising at least one 

tZ application server, the at least one application server being communicatively coupled to both 

% the at least one server network device and the license generator; 

ot wherein the at least one application server is programmed to receive the 

5 license request from the at least one server network and to transfer the license request to the 

6 license generator. 

1 12. The system recited in claim 11, wherein the at least one application 



2 server is further programmed to provide business rules to the license generator, the 

3 business rules being included in the license request by the at least one application server 

4 before transferring the license request to the license generator, the business rules defining 

5 the types of licenses that the license generator may generate. 



1 13. The system recited in claim 11, wherein the at least one application 

2 server is further programmed to gather and store personalization information about users. 

1 14. The system recited in claim 11, wherein the at least one application 

2 server is further programmed to create dynamic Web pages. 
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1 15. The system recited in claim 11, further comprising a firewall situated 

2 between the at least one server network device and the at least one application server, the 

3 firewall preventing unauthorized access to the at least one application server. 

1 16. The system recited in claim 11, further comprising a firewall situated 

2 between the at least one application server and the license generator, the firewall preventing 

3 unauthorized access to the license generator. 

1 1 7. A method for secure licensing of content to a user on a user network- 

2 enabled device, the method comprising: 

3 transferring selected content to the user network-enabled device; and 
C# generating a license associated with the selected content, the license 

g} comprising access information for controlling the user network-enabled device to produce a 

user-perceptible form of the selected content when conditions defined by the access 

:{? mformation are met and to inhibit production of a user-perceptible form of the selected 

=J§ content when conditions defined by the access information are not met. 

2 18 - Tne metn od recited in claim 17, wherein the license is a data object. 

2 19 - Tne method recited in claim 18, wherein the data object comprises a 

j : 2 plurality of data fields, at least a portion of the plurality of data fields containing the access 

3 information. 

1 20. The method recited in claim 17, wherein the access information 

2 comprises at least one of a content rental model, an expiration date of the license, user 

3 network-enabled device identification information, media player identification information, 

4 a GUID identifying particular content, and an encryption key for decrypting encrypted 

5 content. 

1 2 1 . A system for secure licensing of content to a user on a user network- 

2 enabled device, the system comprising: 

3 at least one server network device communicatively coupled to the user 

4 network-enabled device: 
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5 wherein the at least one server network device is programmed to transfer a 

6 license associated with the content to the user network-enabled device, the license comprising 

7 access information which defines access rights to the content; and 

8 wherein the user network-enabled device is programmed to provide media 

9 player and security technology, the media player and security technology verifying the 

10 access rights and allowing the user network-enabled device to produce a user-perceptible 

1 1 form of the content only when the content is properly licensed and inhibiting the user 

12 network-enabled device from producing a user-perceptible form of the content when the 

13 content is not properly licensed. 

jas J 22 • Tne system recited in claim 21 , wherein the media player and 

\§ security technology comprises a media player for displaying the content in a user- 

jjf perceptible form. 

jjf 23. The system recited in claim 22, wherein the media player and 

security technology further comprises at least one of decryption code for decrypting 

1 J encrypted content, a CODEC for decompressing compressed content, a monitor for 

S displaying the media player to the user, and a hardware interface between the media player 

jg and the monitor. 

1 24. The system recited in claim 23, wherein the media player and 

2 security technology further comprises digital rights management code for providing a 

3 secure inter-process communication data stream between the decryption code, the CODEC, 

4 the media player, the hardware interface, and the monitor. 

1 25. The system recited in claim 24, wherein the digital rights 

2 management code is protected against tampering by at least one of code obfuscation and 

3 anti-debugging techniques. 

1 26. The system recited in claim 24, wherein the digital rights 

2 management code provides the secure inter-process communication data stream between the 

3 decryption code, the CODEC, the media player, the hardware interface, and the monitor by 

4 performing an integrity check on at least one of the media player, the decryption code, the 

5 CODEC, the hardware interface, and the monitor in order to detect tampering. 
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1 27. The system recited in claim 26, wherein the digital rights 

2 management code inhibits the display of content in a user-perceptible form when at least 

3 one of the media player, the decryption code, the CODEC, the hardware interface, and the 

4 monitor do not pass the integrity check. 

1 28. The system recited in claim 24, wherein the media player and security 

2 technology further comprises a protected database in communication with the digital rights 

3 management code; 

4 wherein the protected database securely stores transferred licenses. 

1 29. The system recited in claim 28, wherein the protected database is 

~§ protected by encryption methods. 

jtj 30. The system recited in claim 29, wherein the digital rights 

' jt management code comprises a root key, the root key unlocking licenses within the 

ip protected database. 

rf 31. The system recited in claim 29, wherein the digital rights 

:g management code examines the access information within the unlocked license and 

2 determi nes the access rights to the content provided by the unlocked license. 

1 32. The system recited in claim 22, wherein the access information 

2 comprises at least one of a content rental model, an expiration date of the license, user 

3 network-enabled device identification information, media player identification information, 

4 a GUID identifying particular content, and an encryption key for decrypting encrypted 

5 content. 

1 33. The system recited in claim 32, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by enforcing compliance by 

4 the user with the content rental model contained in the unlocked license. 

1 34. The system recited in claim 32, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by comparing user network- 



015.479530.3 



-27- 



PATENT 
Docket No: 041892-0203 

4 enabled device identification information in the unlocked license with the user network- 

5 enabled device on which the digital rights management code resides. 

1 35. The system recited in claim 32, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by comparing media player 

4 identification information in the unlocked license with the media player on the user 

5 network-enabled device on which the digital rights management code resides. 

1 36. The system recited in claim 32, wherein the digital rights 

2 management code passes the encryption key contained in the unlocked license to the 
CP decryption code in order to decrypt the encrypted content. 

i|} 3 7 . A method for secure licensing of content to a user on a user network- 

1f enabled device, the method comprising: 

5 transferring a license associated with the content to the user network-enabled 

3 device, the license comprising access information which defines access rights to the content; 

; gj and 

gj providing media player and security technology on the user network-enabled 

O device, the media player and security technology verifying the access rights and allowing 

8 the user network-enabled device to produce a user-perceptible form of the content only 

9 when the content is properly licensed and inhibiting the user network-enabled device from 
producing a user-perceptible form of the content when the content is not properly licensed. 



10 



1 38. The method recited in claim 37, wherein the media player and 

2 security technology comprises a media player for displaying the content in a user- 

3 perceptible form. 

1 39. The method recited in claim 38, wherein the media player and 

2 security technology further comprises at least one of decryption code for decrypting 

3 encrypted content, a CODEC for decompressing compressed content, a monitor for 

4 displaying the media player to the user, and a hardware interface between the media player 

5 and the monitor. 
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1 40. The method recited in claim 39, wherein the media player and 

2 security technology further comprises digital rights management code for providing a 

3 secure inter-process communication data stream between the decryption code, the CODEC, 

4 the media player, the hardware interface, and the monitor. 

1 41 . The method recited in claim 40, wherein the media player and security 

2 technology further comprises a protected database in communication with the digital rights 

3 management code; 

4 wherein the protected database securely stores transferred licenses. 

1 42. The method recited in claim 41, wherein the protected database is 
r2 protected by encryption methods. 

Jfi 43. The method recited in claim 41, wherein the digital rights 

*"it management code comprises a root key, the root key unlocking licenses within the 

l|i protected database. 

>4 44. The method recited in claim 43, wherein the digital rights 

*§, management code examines the access information within the unlocked license and 

® determines the access rights to the content provided by the unlocked license. 

= 1 45. The method recited in claim 38, wherein the access information 

2 comprises at least one of a content rental model, an expiration date of the license, user 

3 network-enabled device identification information, media player identification information, 

4 a GUID identifying particular content, and an encryption key for decrypting encrypted 

5 content. 

1 46. The method recited in claim 45, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by enforcing compliance by 

4 the user with the content rental model contained in the unlocked license. 

1 47. The method recited in claim 45, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by comparing user network- 
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4 enabled device identification information in the unlocked license with the user network- 

5 enabled device on which the digital rights management code resides. 

1 48. The method recited in claim 45, wherein the digital rights 

2 management code allows the user network-enabled device to produce a user-perceptible 

3 form of the content only when the content is properly licensed by comparing media player 

4 identification information in the unlocked license with the media player on the user 

5 network-enabled device on which the digital rights management code resides. 

1 49. The method recited in claim 45, wherein the digital rights 

2 management code passes the encryption key contained in the unlocked license to the 
ISP decryption code in order to decrypt the encrypted content. 

iJJ 50 - A system for revoking a license to access content in a user-perceptible 

':§ form on a user network-enabled device, the system comprising: 

5 at least one revocation server, the at least one revocation server transferring to 

s 4 the user network-enabled device a revocation certificate; 

jf wherein the revocation certificate comprises revocation information for 

Jl controlling the user network-enabled device to inhibit production of a user-perceptible form 

13 of the content when conditions contained in the revocation information are satisfied. 

1 51 . The system recited in claim 50, further comprising media player and 

2 security technology for verifying the license and allowing the user network-enabled device 

3 to produce a user-perceptible form of the content only when the content is properly licensed 

4 and inhibiting the user network-enabled device from producing a user-perceptible form of 

5 the content when the content is not properly licensed. 

1 52 . The system recited in claim 5 1 , wherein the media player and 

2 security technology comprises a media player for displaying the content in a user- 

3 perceptible form. 

1 53. The system recited in claim 52, wherein the media player and 

2 security technology further comprises at least one of decryption code for decrypting 

3 encrypted content, a CODEC for decompressing compressed content, a monitor for 
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4 displaying the media player to the user, and a hardware interface between the media player 

5 and the monitor. 

1 54. The system recited in claim 53, wherein the media player and 

2 security technology further comprises digital rights management code for providing a 

3 secure inter-process communication data stream between the decryption code, the CODEC, 

4 the media player, the hardware interface, and the monitor. 

1 55. The system recited in claim 50, wherein the revocation certificate is a 

2 data object. 

1 56. The system recited in claim 55, wherein the data object comprises a 

=jf plurality of data fields, at least a portion of the plurality of data fields containing the 

ill revocation information. 

57. The system recited in claim 56, wherein the revocation information 

# comprises information about specific media player and security technology for which access 

|3 to a user-perceptible form of the content is inhibited. 

yj 58. The system recited in claim 56, wherein the revocation information 

J3 comprises information about specific content for which access in a user-perceptible form is 

3 inhibited. 

1 59. The system recited in claim 51, wherein the media player and security 

2 technology further comprises a protected database in communication with the digital rights 

3 management code; 

4 wherein the protected database securely stores transferred revocation 

5 certificates. 

1 60. The system recited in claim 59, wherein the protected database is 

2 protected by encryption methods. 

1 61. A method for communicating revocation certificates for revoking 

2 licenses to access content in a user-perceptible form on a user network-enabled device, the 

3 method comprising: 
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6 



4 polling of a revocation server by the user network-enabled device, the 

5 revocation server containing a list of the revocation certificates; and 
transferring the revocation certificates to the user network-enabled device. 

1 62. The method recited in claim 61 , wherein polling of the revocation 

2 server comprises polling the revocation server on a defined periodic basis. 

63. The method recited in claim 62, wherein the defined periodic basis is 



1 



2 once every ten days. 

1 64. The method recited in claim 61, wherein transferring the revocation 

J; certifi cates to the user network-enabled device comprises transferring the revocation 

iff certificates to a protected database on the user network-enabled device. 

Q 65. The method recited in claim 64, wherein the protected database is 

:j| protected by encryption methods. 

!ij 66 • The method recited in claim 62, further comprising inhibiting access 

to content in a user-perceptible form on the user network-enabled device when the 

j| revocation server has not been polled by the user network-enabled device within the defined 

3 period. 

1 67. A method for communicating revocation certificates for revoking 

2 licenses to access content in a user-perceptible form on a user network-enabled device, the 

3 method comprising: 
attaching a list of the revocation certificates to a requested license for content; 



4 

5 and 



6 transferring the requested license, over a network, to the user network- 

7 enabled device. 

1 68 . The method recited in claim 67, wherein attaching a list of the 

2 revocation certificates to a requested license for content comprises an application server 

3 attaching the list to the requested license. 
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1 69. The method recited in claim 67, wherein transferring the requested 

2 license to the user network-enabled device comprises transferring the requested license to a 

3 protected database on the user network-enabled device. 

1 70. The method recited in claim 69, wherein the protected database is 

2 protected by encryption methods. 

1 71 . A method for authenticating a license to access content in a user- 

2 perceptible form on a user network-enabled device, comprising: 

3 connecting to a server network device, the server network device being 

4 communicatively coupled to the user network-enabled device via a communication link; 

i=§ comparing the content with content identification information contained in the 

:*|> license; 

TiT comparing the user network-enabled device with user network-enabled device 

S identification information contained in the license; and 

.19 comparing the media player on the user network-enabled device with media 

3,0 player identification information contained in the license; 

M wherein the server network device is programmed to deny enablement of the 

15 license if the results of any of the comparisons are false and wherein the license resides on 

Jj[ the user network-enabled device. 

1 72. The method recited in claim 71 , wherein connecting to the server 

2 network device comprises automatically connecting to the server network device when an 

3 attempt is made to access the content on the user network-enabled device. 

1 73 . The method recited in claim 71 , wherein the comparisons are 

2 performed by media and security technology residing on the user network-enabled device. 

1 74. A system for authenticating a license to access content in a user- 

2 perceptible form on a user network-enabled device, comprising: 

3 a server network device communicatively coupled to the user network-enabled 

4 device via a communication link; 

5 wherein the user network-enabled device is programmed for 

6 connecting to the server network device via the communication link, 



015.479530.3 



-33- 



PATENT 
Docket No: 041892-0203 

7 comparing the content with content identification information 

8 contained in the license, 

9 comparing the user network-enabled device with user network-enabled 

10 device identification information contained in the license, and 

1 1 comparing the media player on the user network-enabled device with 

12 media player identification information contained in the license, and 

13 wherein the server network device is programmed to deny 

14 enablement of the license if the results of any of the comparisons are false and wherein the 

15 license resides on the user network-enabled device. 

1 75. A method of restricting forwarding and reversing from a current 
^ position in a media file by a media player, comprising: 

y| providing watermark information to a digital rights management system 

v 4 associated with the media player, the watermark information defining time intervals that limit 

£ 

ijf forward and reverse progression through the media file from the current position in the media 

'% file; and 

? 5 preventing forwarding and reversing of the media file beyond the limits 

13 defined by the time intervals. 

il 76. The method recited in claim 75, wherein providing watermark 

2 information to the digital rights management system associated with the media player 

3 comprises providing the watermark information in a license data object within a protected 

4 data base, the license data object comprising access information associated with the movie 

5 file. 

1 77. The method recited in claim 76, wherein the access information 

2 comprises a rental model. 

1 78. The method recited in claim 77, wherein the rental model comprises 

2 the watermark information. 

1 79. The method recited in claim 75, wherein the digital rights 

2 management system associated with the media player enforces the defined time interval 

3 limits by preventing progression of the movie file beyond the defined time interval limits. 
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1 80. The method recited in claim 79, wherein the digital rights 

2 management system associated with the media player enforces the defined time interval 

3 limits by tracking the user's progress in viewing the movie and restricting the reversing or 

4 fast-forwarding of the movie file by at least one of a hardware timer and a software timer. 

1 81. The method recited in claim 75, wherein providing watermark 

2 information to the digital rights management system associated with the media player 

3 comprises providing watermarks at timed intervals in the movie file. 

1 82. A business method for authenticating a license to access content in a 

2 user-perceptible form on a user network-enabled device, comprising: 

;«3 providing a server network device, the server network device 

•ft communicating with the user network-enabled device via a communication link; 

TO 

lU offering, for a pre-defined remuneration, licenses associated with 

J| selected content and allowing, when the license is enabled, the user network-enabled device 

°17 to access the selected content in a user-perceptible form in conformance with a selected rental 

*8 model; 

J§ transferring the license associated with the selected content to the user 

W} network- enabled device, the license containing access information; and 

If comparing the access information contained in the transferred license 

12 to pre-defined information residing on the user network-enabled device; 

13 wherein the server network device is programmed to deny 

14 enablement of the license if the result of the comparison is false. 

1 83. A method for authorization of a license for content, the license being 

2 transferred from a first user network-enabled device to a second user network-enabled device, 

3 comprising: 

4 transferring the content from the first user network-enabled device to the 

5 second user network-enabled device; 

6 connecting the second user network-enabled device to a server network device, 

7 the server network device providing a user interface; 

8 obtaining a license for the content, the license comprising access information; 

9 and 
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10 comparing the access information contained in the license to pre- 

1 1 defined information residing on the second user network-enabled device; 

12 wherein the server network device is programmed to deny 

13 enablement of the license if the result of the comparison is false. 

1 84. The method recited in claim 83, wherein connecting the second user 

2 network-enabled device to the server network device comprises connecting to a website on 

3 the Internet. 

1 85. The method recited in claim 83, wherein transferring the content 

2 from the first user network-enabled device to the second user network-enabled device 
f .=3 comprises copying the content to a computer readable disc, transporting the computer 

readable disc to the location of the second user network-enabled device, and copying the 

111 content from the computer readable disc to the second user network-enabled device. 

ip 86. The method recited in claim 83, wherein transferring the content 

from the first user network-enabled device to the second user network-enabled device 
% comprises downloading the content from the first user network-enabled device to the second 
13 user network-enabled device over a network. 

§1 87. The method recited in claim 83, wherein transferring the content 



2 from the first user network-enabled device to the second user network-enabled device 

3 comprises the second user network-enabled device accessing content residing on the first 

4 user network-enabled device through a file-swapping user interface provided by the server 

5 network device, the file-swapping user interface allowing access to and transfer of content, 

6 the content residing on a plurality of user network-enabled devices, the plurality of user 

7 network-enabled devices being connected to the file-swapping user interface. 

1 88. The method recited in claim 87, further comprising selection by the 

2 user of the second user network-enabled device of content residing on the first user 

3 network-enabled device and requesting transfer of the selected content to the second user 

4 network-enabled device. 
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1 89. The method recited in claim 88, further comprising transferring the 

2 selected content from the first user network-enabled device to the second network-enabled 

3 device. 
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